amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-03-22 06:42:44 +00:00
Code Issues Projects Releases Wiki Activity

fix(core): add security flags to cookies (HttpOnly, secure)

Browse Source 
Fixes #4525
This commit is contained in:
Francis Lachapelle
2022-04-04 16:00:06 -04:00
parent f331211977
commit 0f3d7dc6bc
3 changed files with 10 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
UI/WebServerResources/SOGoRootPage.js
View File

@@ -7,11 +7,6 @@ function initLogin() {
date.setTime(date.getTime() - 86400000);
var href = $("connectForm").action.split("/");
var appName = href[href.length-2];
document.cookie = ("0xHIGHFLYxSOGo=discarded"
+ "; expires=" + date.toGMTString()
+ "; path=/" + appName + "/");
var about = $("about");
if (about) {
@@ -118,9 +113,7 @@ function onLoginCallback(http) {
if (http.status == 200) {
// Make sure browser's cookies are enabled
var loginCookie = readLoginCookie();
if (!loginCookie) {
if (navigator && !navigator.cookieEnabled) {
SetLogMessage("errorMessage", _("cookiesNotEnabled"));
submitBtn.disabled = false;
return;